5 Ways Every Executive Needs to Improve Company Data Security

Keith Krach
May 12, 2016

In the last 10 years, data breaches at some of the world’s largest corporations have raised discussion about the effectiveness of available security measures in the digital age. Certain news outlets are even labeling 2015 as the year that data breaches became personal, with hackers moving past basic forms of identity theft toward such intimate information as health records, evidence of secret romantic liaisons, and even video inside of people’s homes. 

As the Internet of Things (IoT) continues to connect devices, consumers are looking to buy from companies that employ responsible practices to keep personal data safe from theft. Studies show that over 33 percent of the data generated by 25 billion devices will make its way through the cloud in the next four years, and 80 percent of it will be stored by businesses. The Internet of Things will not make security a simple task for the businesses of the future.

Business executives who want to keep company and consumer data safe in the digital age should employ the following tips in their data security practices.

1. Consider security before implementing IoT applications, not after.

Implementing security into the design of your company’s technological systems before they become interconnected is a critical element in the protection of private data. Digitization of business practices has become the new imperative for any company that wants to remain relevant, but business leaders who want to implement a digital strategy need to do so in a calculated, meticulous manner. The development of security measures for new technology or software should be conducted during the technology’s implementation phase, not only after a weakness has been identified.

Integrating solid security measures into the design of your company’s technological systems reduces the possibility that your firm will be caught off guard by data theft carried out through a blind spot. While security systems embedded within new technology are crucial to securing data, the physical protection of devices is also important to consider. This is especially true for company devices operating offsite, away from the protection of the company’s primary location.

2. Rethink the delegation of IT responsibilities.

The Internet of Things has made technology too large and security too important to rely solely on your IT department for protection. The establishment of security protocols and discussions about where data is vulnerable will need to extend outside of your firm’s IT department so that responsibilities can be shared. This will help create a more comprehensive view of the company’s weak points and identify problems more easily.

IT professionals working in the age of the Internet of Things will need to work with a company’s physical security team and maintain direct communication with senior members across all departments. Interconnectivity between departments makes it simpler to communicate security updates and ensure all best practices are followed correctly. Additionally, IT teams will need to thoroughly research any technological products based on company security needs prior to purchase, and buy only from manufacturers that take data security seriously.

3. Implement a multi-tiered security system.

Conventional cybersecurity tools will no longer provide a standalone level of protection. Firewalls and anti-virus programs, as well as systems that scan for software intrusion, are growing progressively easier for hackers to bypass, while innovative ne’er-do-wells continue to develop more creative methods of illegal access. New threats are already present, in the form of malware delivered through security patches and software updates.

To protect private data, companies will need to develop a multi-tiered security system that incorporates several levels of protection. When building a multi-level security system, consider adding safety measures such as encryption for all connections between IoT devices and the cloud, input sanitization software for backend servers, and policies that allow employees to access sensitive data only on a need-to-know basis.

4. Educate your employees.

Company employees have posed some of the biggest risks to data security in the past, and that risk grows as the Internet of Things extends its influence. Whether staff post sensitive information on social media or lose company devices that contain private data, hackers often find their way into your system through simple mistakes made by staff members who are unaware of the risks.

One of the most common ways that thieves infiltrate your technology is through social engineering ploys, such as phishing scams. Using data collected from personal websites and professional blogs, scammers contrive plans that often result in unsuspecting employees sharing passwords or company codes. Because the Internet of Things depends upon the interconnectivity of large groups of technology, a thief who gains access to one device or software program will likely gain access to many.

To reduce the risk of social engineering, educate your employees to be responsible with company devices, mindful of the information they share on social media, and aware of potential scams sent via e-mail.

5. Keep your customers informed with transparent security policies.

Alongside educating your employees on security best practices in the workplace, your customers should also receive a clear outline of how your firm uses personal data through a well-articulated privacy policy. Media reports of data breaches negatively affecting the personal lives of customers have increased consumer awareness about the risks associated with increased interconnectivity. 

That said, being clear about your use of personal data will help protect you against bad press in the event of a data breach, and will also inspire greater brand confidence in your consumers. Create a transparent and honest overview of how customer data is used, and make it readily available on your website. 

Keith Krach is Chairman of DocuSign, The Global Standard for Digital Transaction Management.